Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-29 | CVE-2016-6846 | Cross-site Scripting vulnerability in Open-Xchange products Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, and 7.8.2 before 7.8.2-rev5; and Documentconverter-API before 7.8.2-rev5 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-03-29 | CVE-2017-7298 | Cross-site Scripting vulnerability in Moodle 3.2.2 In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | 5.4 |
| 2017-03-29 | CVE-2017-6864 | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I 2.9.0 The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks. | 5.4 |
| 2017-03-29 | CVE-2017-2687 | Cross-site Scripting vulnerability in Siemens Ruggedcom ROX I 2.9.0 Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link. | 6.1 |
| 2017-03-28 | CVE-2016-9473 | Cross-site Scripting vulnerability in Brave Browser 1.2.16/1.9.56 Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names. | 4.7 |
| 2017-03-28 | CVE-2016-9472 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. | 5.4 |
| 2017-03-28 | CVE-2016-9466 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. | 6.1 |
| 2017-03-28 | CVE-2016-9465 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. | 5.4 |
| 2017-03-28 | CVE-2016-9459 | Cross-site Scripting vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. | 6.1 |
| 2017-03-28 | CVE-2016-9457 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Revive Adserver before 3.2.3 suffers from Reflected XSS. | 5.4 |